Pretty cool to see VeriSign's OpenID Provider continue to get new features and a new look. From TechCrunch it sounds like one of the big features is password management for websites that don't yet support OpenID. Cool! Glad to see the team there continue to push the PIP forward. One click login for a bunch of sites:

Timely patching of one's operating system needs to be one of the host of requirements placed on any identity provider

Let's avoid the word "credential". It has so many meanings as to be confusing

Last year we announced an experiment at Sun: in order to gather more information about the operational characteristics of "user-centric" identity technologies, we decided to roll out an OpenID provider for Sun employees. This OpenID provider was intended to be used by Sun employees for personal usage at various OpenID sites that have been popping up at some places. This experiment involved various parts of the company, including field people, products folks, the security team, and our Chief Privacy

Passwords seem perfectly natural "because we’ve been trained to repeat them so much"

With the recent news about the DNS cache vulnerability, users are more exposed than ever to potential security attacks, including phishing or pharming attacks, that apply to OpenID as well as other network systems. For example, the ability to redirect DNS requests through cache poisoning opens the door to a significant OpenID security risk: if the OpenID provider is not employing TLS with server-side authentication — preferably mutual authentication — any affected DNS server could redirect the client

I have heard a number of great things about Dave Morin at Facebook and have been wanting to chat with him about his views on identity for a while, and yesterday I had the opportunity to sit down with him and Josh Elman. For those that don’t know Dave, he is one of the driving [...]

I moderated a session at the recent SSO Summit titled “What is OAuth and WS-Trust, and where does it fit into your web services SSO initiatives“. “User-centric identity” is past-its-prime and “Identity as a Service‘ has already been beaten enough. And hence I was glad to get a chance to dig into the services/API use cases [...]

*** Hardt asks the question on his blog if Facebook Connect is a fatal blow to OpenID . I actually think that it helps to show why OpenID is going to become so valuable as you start to invest in your profile(s). To me, it shows that we're now all able to tell the same story and explain to normal people the value of having an identity and profile that can move about them around the web. Just as no one would let Microsoft own the protocol, no one is going to let Facebook either. I'm hoping that we'll

My post yesterday on Facebook Connect raised a few eyebrows. I had a few discussions with people and a comparison of consumer identity solutions past and present may provide some context. (I have excluded InfoCards as I see them as a strong, enterprise grade solution that is currently too heavy for general consumer use.) Passport Microsoft rolled [...]